aws-rotate-iam-keys

Where to set the Days to reset the IAM Keys

Open KarthikShridhar opened this issue 4 years ago • 4 comments

Hello rhyeal,

I'm trying to use this script to rotate my keys automatically, but I can't find the place where you set the number of days after which it should rotate. I have multiple keys which I want to rotate based on the day they were created, but it's not working as expected. The task scheduler task which this creates is also not working as expected. Could you please check once on a Windows machine and try to fix this code? If I fix it before that I can also prove the same :)

KarthikShridhar, Jun 30 '20 18:06

I can see from file homebrew.mxcl.aws-rotate-iam-keys.plist, section StartCalendarInterval controls the run interval. The default run time is set to run at 0323 daily.

I have not personally modified the run interval; maybe you can refer to the link below, modify it, and update back if it works? https://alvinalexander.com/mac-os-x/launchd-plist-examples-startinterval-startcalendarinterval/

joesoh, Jan 22 '21 14:01

I too am looking for a way to change the frequency with which aws-rotate-iam-keys rotates keys. I'd prefer every few days or weekly (rather than daily). Is there a way to do this?

levinotik, May 12 '21 16:05

@levinotik if you are working with the Windows PowerShell script, all you have to do is add any of the options suggested in the following link, based on your needs:

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/schtasks-create

As for my personal case, I am currently trying /mo 90 (rotate the key every 90 days), added straight after the -profile default /sc daily values of the script itself.

pc-star, Apr 05 '22 23:04

That seems a nice idea, but sounds tricky to implement neatly (esp. if it is done in the launch daemon config).

The Homebrew formula hard-codes a daily schedule when generating the plist file; the time is somewhat irrelevant, but it is designed to run daily. You could edit the plist file, though, and change the schedule to limit it to specific weekdays etc.

Run brew services list, get the path to the plist file, probably ~/Library/LaunchAgents/homebrew.mxcl.aws-rotate-iam-keys.plist, edit it and add a Weekday key/value to the StartCalendarInterval dict.

Unfortunately, your changes will be obliterated if you re-install or upgrade. Maybe the formula installation process could read and respect any existing schedule to fix that. I might take a look sometime. PR for this would be most welcome :-)

mmrwoods, Jun 22 '23 15:06
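The plist edit described in the last comment, as an added example that is not part of the thread or the project's own code: it adds a Weekday key to StartCalendarInterval while keeping the existing Hour and Minute, and handles the array-of-dicts form that launchd also accepts. The sample plist is constructed (label and 03:23 schedule taken from the thread, program path a placeholder), and the names `set_weekday` and `rewrite_file` are hypothetical.

```python
import plistlib

# Constructed sample of the agent plist: the label and the 03:23 daily
# schedule come from the thread; the program path is a placeholder.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>homebrew.mxcl.aws-rotate-iam-keys</string>
  <key>ProgramArguments</key>
  <array>
    <string>/path/to/aws-rotate-iam-keys</string>
  </array>
  <key>StartCalendarInterval</key>
  <dict>
    <key>Hour</key>
    <integer>3</integer>
    <key>Minute</key>
    <integer>23</integer>
  </dict>
</dict>
</plist>
"""


def set_weekday(plist_bytes, weekday):
    """Return the plist with Weekday added to every StartCalendarInterval entry."""
    if isinstance(weekday, bool) or not isinstance(weekday, int) or not 0 <= weekday <= 7:
        raise ValueError("launchd Weekday must be an integer 0-7 (0 and 7 are Sunday)")
    job = plistlib.loads(plist_bytes)
    schedule = job.get("StartCalendarInterval")
    if schedule is None:
        raise KeyError("plist has no StartCalendarInterval to restrict")
    # launchd accepts either one dict or an array of dicts here.
    entries = schedule if isinstance(schedule, list) else [schedule]
    for entry in entries:
        entry["Weekday"] = weekday  # Hour/Minute are kept as they were
    return plistlib.dumps(job, sort_keys=False)


def rewrite_file(path, weekday):
    """Apply set_weekday to a plist on disk, in place."""
    with open(path, "rb") as fh:
        updated = set_weekday(fh.read(), weekday)
    with open(path, "wb") as fh:
        fh.write(updated)
```

A weekly schedule means an access key can stay valid for up to seven days instead of one, so the interval chosen here sets the exposure window of a leaked key.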